Idox Software Limited

Compliance e-learning

Compliance training on GDPR, Anti-Corruption, Information Security and others. Hosted, including reporting.

Features

  • Prevent Compliance breaches from happening
  • UKBA Compliance training
  • GDPR Compliance training
  • ISO37001
  • E-learning
  • Online courses

Benefits

  • Regular training and awareness campaigns, documented and tracked
  • Mandatory part of an effective Compliance Management System
  • Standard web-based training provides easy access

Pricing

£24.95 per person

  • Education pricing available

Service documents

Framework

G-Cloud 11

Service ID

911678170721411

Contact

Idox Software Limited

Lucy Holland

0333 011 1200

frameworks@idoxgroup.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
No constraints when hosted; SCORM compatibility of the learning management system is required when locally hosted.
System requirements
Standard web browser for access

User support

Email or online ticketing support
No
Phone support
No
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Idox provides Level 2&3 support, supporting designated administrators within the client organisation.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
The standard content is easily accessed via a web portal and is ready for use. No additional onboarding is required. Idox supports clients when devising their Compliance training strategy.
Service documentation
No
End-of-contract data extraction
Data extracts in portable formats such as *.csv or *.XML.
End-of-contract process
The service ends automatically with no further activity. A final report is generated on completion. Learner data is deleted from the hosted system. Included in cost.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Certain mobile operating systems will render the content differently on screen.
Service interface
No
API
No
Customisation available
No

Scaling

Independence of resources
Delivery infrastructure and user levels are monitored and sufficient headroom is kept on infrastructure.

Analytics

Service usage metrics
No

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
No
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
No data export
Data export formats
  • CSV
  • Other
Other data export formats
No data export
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
98% availability per 30 day period
Approach to resilience
Available on request.
Outage reporting
Public dashboard and e-mail alerts.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Roles distribution determines authentication.
Access restriction testing frequency
Less than once a year
Management access authentication
Dedicated link (for example VPN)

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Idox Software Ltd has an ISO 27001-certified information security management system. Idox Compliance adopts those policies specifically relating to information, information systems, networks, physical environments and people. Internal audit and information security awareness training is conducted to review progress towards policy compliance. Risks raised through internal audit are reviewed at management meetings by the information security manager, the appropriate head of business and a board representative.
Information security policies and processes
Idox Software Ltd has an ISO 27001-certified information security management policy that applies to all business functions within the scope of the Information Security Management System and covers the information, information systems, networks, physical environment and people supporting these business functions. Internal audit and information security awareness training is conducted to ensure policies are followed. Risks raised through internal or external audit are reviewed at management meetings by the information security manager, the appropriate head of business and a board representative. We can provide copies of our information security policy and process documentation on request.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
System configuration is monitored and centrally managed by defined processes. Changes are controlled by a rigorous change management process, including documentation.
Vulnerability management type
Undisclosed
Vulnerability management approach
Regular vulnerability scanning for all services, servers, etc. Patches are deployed as available and tested, in accordance with severity of the threat.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Managed vulnerability scanning on a regular basis. Potential compromises and threats are evaluated and measures deployed in accordance with severity of the threat.
Incident management type
Undisclosed
Incident management approach
Process followed for common incidents, reports taken through various channels, incident reports confidential.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£24.95 per person
Discount for educational organisations
Yes
Free trial available
No
